Early Detection Through Deception

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 7, 2019, noon (30 minutes)

This talk will discuss and give real-world examples of deploying deception techniques to trick attackers into revealing their presence and intentions. The talk will focus on outing attackers at the earliest stages of an engagement, focusing first on using deception to detect and confuse OSINT gathering and attacks against external systems. We will then pivot to deploying simple deception objects on your internal network to detect compromises as early as possible. We will discuss using an attacker's methods and tools against themselves, giving an attacker the sort of data they hope for, only to use it to trigger alerts and shut them down. Lay down some traps, troll the attackers, make them swear and kick puppies.


Presenters:

  • Jason Nester
    Jason is passionate about defending organizations, often using unique and unexpected methods. Nothing makes him smile more than ticking off attackers and red teamers. He has worked for companies both large and small in the manufacturing, healthcare, government contracting, retail, and hospitality industries, holding positions ranging from software development, infrastructure administration, security analyst, security manager, IT director, and systems architect. He also enjoys irritating his co-workers with his awful singing voice. Especially early in the morning.
